CVE-2026-5422
Path Traversal in Jupyter Server
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: huntr.dev
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jupyter | jupyter-server | 2.17.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal issue in jupyter-server version 2.17.0. It occurs because the function that checks if a file path is within a designated root directory (_get_os_path) uses a method that can be bypassed by sibling directories with similar name prefixes. Additionally, another function (to_os_path) does not remove ".." path parts, allowing attackers to traverse directories outside the intended root. This means an attacker can access files outside the allowed directory.
How can this vulnerability impact me? :
This vulnerability can allow unauthorized users to read or write files in directories that should be inaccessible, including sibling directories to the root directory. In shared hosting environments, this could lead to exposure of sensitive data or unauthorized modification of files.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows unauthorized read/write access to files in sibling directories, potentially exposing sensitive data in shared hosting environments.
Such unauthorized access and potential data exposure could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls over access to sensitive information.